 |
VOOZH | about |
|
VOOZH | about |
This page documents the server.json manifest, the MCP Registry publication mechanism, and the automated workflow that publishes the server entry via mcp-publisher. It covers only the registry publication concern. For npm package publishing, see 9.2. For the full CI/CD workflow overview, see 9.3. For the server.json file in the context of other configuration files, see 5.3.
The MCP Registry is a public directory of MCP-compatible servers maintained by the Model Context Protocol project. Publishing to it makes the Perplexity MCP server discoverable by MCP clients and tooling that query the registry. Domain ownership (via DNS) is used to verify the publisher's identity, replacing static credential-based authentication.
server.json Manifestserver.json is the registry manifest file. It conforms to the JSON schema published by the MCP project and declares the server's identity, description, version, and how it is packaged and transported.
File: server.json1-17
| Field | Value | Purpose |
|---|---|---|
$schema | https://static.modelcontextprotocol.io/schemas/2025-12-11/server.schema.json | Declares schema version for validation |
name | ai.perplexity/mcp-server | Unique reverse-domain identifier in the registry |
title | Perplexity API Platform | Human-readable display name |
description | Real-time web search, reasoning, and research through Perplexity's API | Short summary shown in registry listings |
version | 0.8.3 | Must match the npm package version |
packages[0].registryType | npm | Package is distributed via npm |
packages[0].identifier | @perplexity-ai/mcp-server | npm package name |
packages[0].transport.type | stdio | Default transport clients should use |
The packages array declares how the server is installed. A single entry points to the npm package with a stdio transport type, meaning clients invoke the server as a subprocess communicating over stdin/stdout (see 2.2 for transport detail).
Diagram: server.json Structure
Sources: server.json1-17
Publication is automated by the GitHub Actions workflow at .github/workflows/publish-mcp.yml1-33
The workflow fires on two conditions:
| Trigger | Condition |
|---|---|
push to main | Only when server.json or package.json is modified |
workflow_dispatch | Manual trigger from the Actions UI |
The path filter ['server.json', 'package.json'] ensures publication only runs when the manifest or package version changes, not on every commit.
Sources: .github/workflows/publish-mcp.yml1-8
Diagram: publish-mcp.yml Step Sequence
Sources: .github/workflows/publish-mcp.yml17-32
mcp-publishercurl -L "https://github.com/modelcontextprotocol/registry/releases/latest/download/mcp-publisher_$(uname -s | tr '[:upper:]' '[:lower:]')_$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/').tar.gz" | tar xz mcp-publisher
The binary is downloaded directly from the MCP registry's GitHub releases at runtime. The platform and architecture are detected dynamically (uname -s, uname -m), normalizing x86_64 → amd64 and aarch64 → arm64. No pinned version is used; latest is always fetched.
Sources: .github/workflows/publish-mcp.yml22-23
echo "${{ secrets.MCP_REGISTRY_PRIVATE_KEY }}" > key.pem
./mcp-publisher login dns --domain perplexity.ai --private-key "$(openssl pkey -in key.pem -noout -text | grep -A3 'priv:' | tail -n +2 | tr -d ' :\n')"
rm key.pem
Authentication works by proving ownership of the perplexity.ai domain. The flow:
MCP_REGISTRY_PRIVATE_KEY secret (a PEM-encoded private key) is written to a temporary key.pem file.openssl pkey extracts the raw private key bytes in hex, which are passed as the --private-key argument.mcp-publisher login dns issues a challenge against the perplexity.ai DNS records to verify domain ownership, using the private key to sign the proof.key.pem is deleted immediately after use.This approach avoids long-lived registry credentials — possession of the domain's private key is the credential.
The MCP_REGISTRY_PRIVATE_KEY secret is stored in the production GitHub Actions environment, which requires explicit environment protection rules to access (.github/workflows/publish-mcp.yml13-14).
Sources: .github/workflows/publish-mcp.yml26-29
./mcp-publisher publish
mcp-publisher publish reads server.json from the working directory and submits the manifest to the MCP Registry under the authenticated domain session. No additional arguments are required because the manifest is self-describing.
Sources: .github/workflows/publish-mcp.yml32
Diagram: DNS-Based Authentication
Sources: .github/workflows/publish-mcp.yml26-32
The version field in server.json should be kept in sync with the version field in package.json. The workflow trigger on package.json changes ensures that version bumps to the npm package also trigger a registry manifest update. However, the versions are not automatically coupled — they must be updated manually in tandem.
| File | Version field | Updated by |
|---|---|---|
package.json | version | Developer / release process |
server.json | version (and packages[0].version) | Developer manually, same PR |
Sources: server.json6-11 .github/workflows/publish-mcp.yml6
| Secret name | Scope | Purpose |
|---|---|---|
MCP_REGISTRY_PRIVATE_KEY | production environment | PEM private key proving ownership of perplexity.ai for DNS-based login |
The secret is accessed only within the production environment gate (.github/workflows/publish-mcp.yml13-14). This environment must be configured in the repository's GitHub settings with appropriate protection rules (e.g., required reviewers or deployment branch restrictions).
Sources: .github/workflows/publish-mcp.yml13-14 .github/workflows/publish-mcp.yml27